Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan", then click Scan.

The scan may take some time to finish, so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Hi, I performed the first task with hijackthis. The second task where I have to install mbam, does not work. I am not able to successfully install that application. In the first case it does not even start installation. However in the processes in task manager, it shows that it is running. After many retries, I renamed the installation file and then it installed up to a point where the installer says "Finishing installation". And nothing happens after that. The computer freezes. I tried opening the software thinking that the software has installed, but nothing happens. Also note that this happens in both safe mode and normal mode. Normal mode still freezes. In safe mode I am not allowed any installations. Thx.

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.

4. Please do not rename Combofix to other names, but only to the one indicated.

5. Close any open browsers.

6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

We need to disable your local AV (Anti-virus) before running Combofix.

See HERE for how to disable your AV.

Double click on ComboFix.exe.

Follow the prompts. NOTE:

ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

Allow ComboFix to download the Recovery Console.

Accept the End-User License Agreement.

The Recovery Console will be installed.

You will then get this next prompt that asks if you want to continue the malware scan. Select yes.

Allow combofix to run.

Post C:\combofix.txt back here.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

I see that you are running µTorrent. P2P (Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe. The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

µTorrent
Java 2 Runtime Environment, SE v1.4.2_06

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: